[Owasp-leaders] next steps

Dirk Wetter dirk at owasp.org
Tue Jun 7 14:23:31 UTC 2016


Hi Andrew,

thx  -- but honestly: sorry. There are still some questions unanswered.

Am 06/07/2016 um 11:22 AM schrieb Andrew van der Stock:
> For everyone's information, the Board has been working on this for a fair amount of time. Tom
> got the ball rolling with creating these logos, and obtaining leader and member feedback on the
> best logos to use. 
> 
> Since Dirk's initial questions relating to potential abuse of our logos, Josh, Tom, and Michael
> have met with various open source foundations about their trademark / logo usage, and have
> reported back to the Board. We also have acquired some legal advice, and started down the
> process of filing for a TM for our MAIN logo. The supporter logo will be changed once we have
> taken on board legal advice relating to our better understanding of how best to protect OWASP
> as well to get our brand out there. 

I still don't get and I never received an explanation from the board

* why do we want to have supporter logos?
* why do we publish them without proper TM oder branding guide
* why don't we pull the logos NOW before having a proper TM/policy

> However, it is my understanding that we will not be satisfying the calls for tighter
> restrictions on the OWASP supporter logo. It's 100% designed to be widely used to indicate
> current membership / sponsorship of OWASP. 

But all due respect but --- what???

Why is it supposed to be "100% designed to be widely used"? Who said so?


It also appears some kind of absurd to me that I filed a complaint to the
board. The board or at least one person in the board picked up the idea
of a supporter logo and was probably the first one tweeting it from his own
company account (RT'd by two chapters on the east coast! See link below).


Cheers, Dirk


> 
> On Tue, Jun 7, 2016 at 2:27 PM, Andy Lewis <alewis at owasp.org <mailto:alewis at owasp.org>> wrote:
> 
>     +1  I strongly agree w/filing for a trademark immediately if we don't already own it. 
>     There are strong incentives for filing immediately, and needless penalties for delay.  
> 
>     If the plan is to resolve this at AppSec EU in a few weeks, please do so, pay to include
>     one or more attorneys, and publish the results. 
> 
>     This has been a passionate discussion because we HAVE built a brand that has a good
>     reputation, and abuse of that brand by anyone tarnishes the brand and therefore demeans the
>     value of our outreach and our efforts.  Let's protect our property, achieve a decision on
>     usage vs abuse, and get on with our mission in a way that allows us all to feel good about
>     who we are and what we're doing.
> 
>     Trademark first, policies second, open and transparent along the way as always please :-)
> 
>     @Johanna & Dirk - thanks.  There's a balance available somewhere between outreach & abuse. 
>     Thanks for pointing out that we may be out of balance.  I've been volunteering at OWASP in
>     one capacity or another for 10 (!) years.  I've been frustrated often, and angered more
>     than once.  You are making a difference.  Only you can decide whether it's worth the
>     frustration.  I hope you decide it is.
> 
>     My 2 cents.
>     Andy
> 
>     On Mon, Jun 6, 2016 at 10:07 AM, Dirk Wetter <dirk at owasp.org <mailto:dirk at owasp.org>> wrote:
> 
> 
> 
>         Hi all and especially global board members,
> 
>         to move forward there are also other steps which need to be done (no sequence suggested):
> 
>         A) Don't know whether anything has been discussed in May's board meeting. The agenda
>            doesn't look like it has been the case.
> 
>            My request to the board: Pls discuss logo usage again at the next board meeting in June.
>            Pls check before who in the global board has used or plans to use the supporter
>         logo. This
>            e.g. https://twitter.com/Proactive_RISK/status/732930631626264576 appears
>            to me like a conflict of interest.
> 
>         B) Before any trademark and good usage guide is established the best would be
>            to pull the supporter logos. It seems to me we're doing the second step before
>            we decided properly on the first. A year to close this gap sounds not at all good
>            to me.
> 
>         C) Let's discuss what the benefit for using an OWASP logo for
>            externals is as opposed to the risk of commercialization of OWASP.
> 
>         D) Consult a lawyer, file for a trademark NOW (wasn't there s.th <http://s.th>. wrt to
>         USPTO?).
> 
>         E) Discuss my/other suggestions of branding guide overhauls
> 
> 
>         Again: This is a basic question of how much vendor involvement we want. Be assured
>         if there are gaps in the guidelines/no-existing trademarks, some vendors will always
>         try to use those gaps. Their agenda is making money and if we do not clearly define our
>         red line others will interpret it in a way they like.
> 
>         I do not want a future where every vendor can use an OWASP supporter or OWASP whatever
>         logo.
> 
>         Thx, Dirk
> 
> 
> 
>         Am 06/06/2016 um 05:33 PM schrieb Dirk Wetter:
>         > Hi Liam and all,
>         >
>         > Am 05/20/2016 um 06:38 PM schrieb Liam Smit:
>         >> Hi Dirk
>         >>
>         >> On Fri, May 20, 2016 at 5:57 PM, Dirk Wetter <dirk at owasp.org <mailto:dirk at owasp.org> <mailto:dirk at owasp.org <mailto:dirk at owasp.org>>>
>         wrote:
>         >>
>         >>
>         >>     Am 05/20/2016 um 05:07 PM schrieb johanna curiel curiel:
>         >>
>         >>
>         >> <snip>
>         >>
>         >>     > Abuses will happen where financial gain is.If putting this logo can help me sell...well you bet the first ones happy will be the vendors.
>         >>     > Contrast did that with OWASP benchmark publicising OWASP logo 'sponsored by' even the DHS logo.
>         >>     > https://twitter.com/jctechno/status/672079500033814528
>         >>
>         >>     Ok, a TM would have helped here maybe.
>         >>
>         >>
>         >>     But in general this is why I think giving away a supporter logo is not good either -- the
>         >>     only point where we have
>         >>     a different stance so far:
>         >>
>         >>     My firm belief is if you give a away a logo you can't control the usage. It's like putting
>         >>     a vulnerable
>         >>     web application in the internet. Somebody will find and hack/abuse it. It also doesn't
>         >>     matter if a law is
>         >>     saying that it shouldn't been hacked [1]. Same with the logo. Giving a logo away is like
>         >>     announcing
>         >>     a vulnerable web app to all bad guys. So a supporter logo could be an invitation to abuse
>         >>     (ideas see my first mail).
>         >>
>         >>     Also I do not understand the point in the first place: Why do we want to give a away a
>         >>     logo? What's
>         >>     our added benefit?
>         >>
>         >>     Thus I find a very strict logo policy accompanied with a proper TM the right thing to do.
>         >>     There's
>         >>     still potential for abuse but at least you did the best reasonably possible..
>         >>
>         >>     Look at ISACA. You can't use the logo without written consent by ISACA.
>         >>
>         >>
>         >> Why don't you put forward a strict logo use policy?
>         >>
>         >> Obviously it might not be adopted if most people prefer a looser logo usage policy but if you
>         >> don't put anything forward then I highly doubt anything will come of you merely stating your
>         >> preference for a strict usage policy.
>         >
>         > fair enough.
>         >
>         > Not so many people responded, so I wanted to limit my investment in terms of time.
>         >
>         > Suggestion:
>         >
>         > --snip
>         >
>         > The OWASP logo (future: is a trademark and) is the property of the OWASP Foundation.
>         >
>         > * OWASP logos must not be used by individuals or organizations to promote commercial products,
>         > services, or events such as conferences, courses.
>         > * OWASP logos must not be used in a manner that suggests that The OWASP Foundation supports,
>         > advocates, endorses, or recommends any particular product, services or technology.
>         > * OWASP logos must not be used in a manner that suggests that a product or technology is
>         > compliant with any OWASP Materials
>         > * OWASP logos must not be used in a manner that suggests that a product or technology can
>         > enable compliance with any OWASP Materials
>         > * OWASP logos may be used by special arrangement with The OWASP Foundation. Requests to use
>         > OWASP logos should be directed in writing to
>         >   <fillinmailaddresshere>. Requests will be evaluated on a case-by-case basis by a compliance team.
>         > * The special arrangement can be withdrawn by OWASP at any point of time.
>         >
>         > --snap
>         >
>         > I was replacing brand by logo. I haven't seen @
>         > https://www.owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES
>         > any definition of the term "brand". If that would be clarified we could swap that back.
>         >
>         >
>         >
>         >
>         > Cheers, Dirk
>         >
>         >
> 
>         --
>         German OWASP Chapter Lead
>         Send me encrypted mails (Key ID 0xB818C039)
> 
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 

-- 
German OWASP Chapter Lead
Send me encrypted mails (Key ID 0xB818C039)



More information about the OWASP-Leaders mailing list